System and method for pre-encryption of transmitted content

ABSTRACT

A system and a method for the creation and transmission of “pre-encrypted” digital content, which is encrypted before being placed on a distributed media transmission server. Preferably a plurality of such servers are used, for example in order to be able to place such a media transmission server in physical proximity to the end user client, whether in terms of geographical proximity or proximity through the network. Use of a plurality of transmission servers also optionally enables the media content to be transmitted flexibly, according to the request of the end user through the end user client.

The present application is a 35 USC § 371 application of PCT/IL01/00741,filed on 10 Aug. 2001 and entitled System and Method for Pre-Encryptionof Transmitted Content, which was published on 21 Feb. 2002 withInternational Publication No. WO 02/15578 A1, and which claims thebenefit of the filing date of provisional application Ser. No.60/298,958 which was filed on 18 Jun. 2001.

FIELD OF THE INVENTION

The present invention relates to a system and a method forpre-encryption of transmitted content.

BACKGROUND OF THE INVENTION

Digital content can easily and efficiently be delivered through any typeof suitable network, such as a cable network and/or a computer network.In particular, digital content can be efficiently delivered toindividual users upon request, thereby enabling users to receivepersonalized content “on demand”. Such personalization is particularlyuseful for digital content, such as video data and audio data, fordisplay and/or playback through various types of media devices, in whichthe taste of the user is highly individualized. For example, users couldselect individual portions of music, television programs, movies andother types of entertainment, and receive these selections as digitalcontent.

However, in order for digital content to be fully effectively deliveredto users, a number of mechanisms need to be provided. First, if paymentis required, then the digital content should be secure against theft,such that only authorized users can retrieve and display the digitalcontent. Second, the user should also easily be able to effect paymentwhere required, in order to encourage proper payment and usage. Third,neither of these mechanisms should interfere with the efficient deliveryand display/playback of the digital content.

One attempt to provide such effective mechanisms is described in U.S.Pat. Nos. 5,282,249 and 5,481,609, which are hereby incorporated byreference as if fully set forth herein. The disclosed system enables asignal containing media content to be broadcast widely, yet only to beplayed back or otherwise displayed by authorized users. This signalcould contain a television program for example. The signal is scrambled,such that the authorized users are able to descramble the signal andplay back or otherwise display the media content only with the propersecurity device, such as a smart card for example. Thus, widely receivedmedia content is still protected from access by unauthorized users.

The scrambled television data streams described in U.S. Pat. Nos.5,282,249 and 5,481,609 feature both scrambled data representingtelevision signals and coded control messages, also known as ECMs. TheseECMs contain, in a coded form, data necessary for generating a controlword (CW) which may be used to descramble the scrambled datarepresenting television signals.

While U.S. Pat. Nos. 5,282,249 and 5,481,609 describe an analog system,that is, a system in which analog television data streams are broadcastto television sets, it is appreciated that similar ECM methods may alsobe used for digital television data streams. Generally, the scramblingtechniques used for scrambling analog television signals such as, forexample, the well-known “cut-and-rotate” technique, are chosen for theirparticular applicability to analog signals. However, scrambling ofdigital television signals preferably employs other techniques, whichare well-known in the art and which are more appropriate to digitalsignals. One example of such a technique is the application of thewell-known DES algorithm to the digital television signals.

Methods of transmitting a scrambled digital signal, including ECMs, aredescribed in the MPEG-2 standard, ISO/IEC 13818-1, Apr. 15, 1996 andsubsequent editions.

Another attempted solution to the problem of content protection isdescribed in published European Patent Application No. EP 0858184 andcorresponding U.S. Pat. No. 6,178,242, which disclose a digitalrecording protection system and which are hereby incorporated byreference as if fully set forth herein. The disclosed system enables thedigital content to be sent in a scrambled format, such that the digitalcontent cannot be read and/or displayed without a key. The key isobtained from a control message, which is only sent to authorized users.Preferably, the key is obtained from coded information contained withinthe Entitlement Control Message, or ECM, for generating a code wordassociated with the ECM. Thus, only authorized users are able tocorrectly read and/or display the digital content.

In addition, the system and method described in European PatentApplication No. EP 0858184 enable the authorized user to record andplayback or otherwise display the digital content, while preventing theuser from producing and distributing multiple playable copies of thedigital content to other, non-authorized users. Therefore, theauthorized user is able to fully use and enjoy the digital content,while the content itself is still protected from unauthorized use.

As described in European Patent Application No. EP 0858184, and as shownin background art FIG. 1 taken from this Application, such a systemincludes a media device 100, such as a television set, for playing thedigital content, such as a television program for example. Media device100 is connected to an integrated receiver-decoder (IRD) 110, forreceiving and decoding the scrambled digital content. The system alsofeatures a removable security element 120, such as a smart card forexample, for providing control words for unscrambling, or otherwiserendering into a clear format, the scrambled digital content by IRD 110.In addition, the system features a digital VCR 130 for communicatingwith media device 100 and IRD 110. Digital VCR 130 is able to record thedigital content for later playback and/or display by media device 100.

IRD 110 receives scrambled digital content which features a plurality ofECMs, each of which is associated with, and is typically followed by, ascrambled digital data segment, containing the actual digital content.Each ECM includes coded information which can be used to generate a codeword for unscrambling the associated scrambled digital data segment.Typically, removable security element 120 generates the code word. IRD110 is then able to descramble the scrambled digital content, forexample for being played by media device 100.

Background art FIG. 2, also taken from European Patent Application No.EP 0858184, is a flow diagram illustrating the production of thescrambled digital content. As shown, the scrambled digital content isproduced as an SDDS (scrambled digital data stream) 140, featuring aplurality of ECMs such as an nth ECM 145, and a plurality of associatedSDSEGs such as an nth SDSEG (scrambled digital data segment) 150 whichis associated with nth ECM 145. IRD 110 of FIG. 1, in cooperation withremovable security element 120, is able to use SDDS 140 in order to forma recording SDDS 165. Recording SDDS 165 is produced with the additionof a TECM (transformed ECM) key, which is permanently associated withthe system of FIG. 1, even if removable security element 120 is changed,replaced or exchanged, for example. This TECM key is used to make aplurality of TECMs, shown as nth TECM 175, from the code words of theECMs. Thus, a system which did not feature the correct TECM key couldnot descramble the recording SDDS 165 for playing back or otherwisedisplaying the digital content, while the authorized user is always ableto play back or otherwise display the recorded digital content as longas the TECM key is available.

PCT Application No. WO 00/01149 describes a system for data streamprocessing which enables encrypted data streams to be transmitted to theend user in advance of being displayed. The encrypted data streams arestored and are then only decrypted at the time of display or “playback”.

PCT Application No. WO 01/35669 describes a mechanism for processing ascrambled data stream, in which points within the stream are selectedheuristically for recording the scrambled stream. The scrambled streamis only unscrambled, or rendered accessible for display, at the time ofplayback.

The disclosures of all references mentioned above and throughout thepresent specification are hereby incorporated herein by reference.

SUMMARY OF THE INVENTION

None of the background art solutions teaches or suggests a solutionwhich combines the security of broadcasting from a central entity withthe flexibility of distributed transmission entities. In addition, noneof the background art solutions teaches or suggests a solution whichprovides greater flexibility for transmission of content while stillmaintaining the security of the digital content.

Therefore, there is an unmet need for, and it would be highly useful tohave, a system and a method for distributed, secure transmission ofencrypted digital content, which optionally provides for increasedflexibility of transmission mechanisms, such as point-to-point and/orreception of the encrypted content in advance of playback or display.The background art requires control to be maintained at a centralbroadcasting entity, in order for the encryption keys and/or informationfor generating such keys to be correctly distributed. By contrast, thesystem and method of the present invention do not require any suchtransmission of the encrypted content by a central broadcasting entity,thereby providing greater flexibility for transmission of the content.

The present invention provides a system and a method for the creationand transmission of “pre-encrypted” digital content, which is encryptedbefore being placed on a distributed media transmission server.Preferably a plurality of such servers are used, for example in order tobe able to place such a media transmission server in physical proximityto the end user client, whether in terms of geographical proximity orproximity through the network. As described in greater detail below, useof a plurality of media transmission servers also optionally enables themedia content to be transmitted flexibly, according to the request ofthe end user through the end user client.

The key which is used to decrypt the encrypted data is preferably itselfgeneratable from information which is contained in a SECM (Server ECM,or Entitlement Control Message). The encrypted data may also optionallybe accessed through the use of a control word. Optionally the key andthe control word are the same entity, or alternatively the key couldoptionally be generatable from the control word. The control word inturn could optionally be generatable from control word generatinginformation, which is more preferably contained in the SECM.

The SECM itself is preferably not sent to the end user client. Instead,upon request by the end user client, or optionally before such a requestis sent, a PECM (Personalized ECM) is generated at least partially fromthe control word generating information contained in the SECM. The PECMtherefore preferably contains information which is sufficient for theend user client to access the encrypted content. Optionally and morepreferably, the control word generating information contained in thePECM is at least partially generated according to at least onecharacteristic of the end user client.

More preferably, only the particular end user client for which the PECMhas been generated is then able to use the information contained in thePECM to access the encrypted data.

According to a preferred embodiment of the present invention, theencrypted data is divided into segments, according to a predeterminedperiod of time for each segment or crypt-period, such that the SECM andhence the PECM are changed periodically. In order to accommodate“fast-forward” and “rewind” modes for viewing the content by the enduser client, in which the segments of data are not played sequentially,optionally and preferably the media transmission server dynamicallyedits the data. As such editing cannot be performed if the data isencrypted, more preferably at least portions of the data are notencrypted.

Hereinafter, the terms “file”, “portion” or “item”, with regard todigital content, are used interchangeably and refer to any unit of datafor such digital content, whether as a functional unit such as a packetfor example, or as a conceptual unit such as a television program forexample.

For the present invention, a software application could be written insubstantially any suitable programming language, which could easily beselected by one of ordinary skill in the art. The programming languagechosen should be compatible with the computational device according towhich the software application is executed. Examples of suitableprogramming languages include, but are not limited to, C, C++, Java andAssembly.

In addition, the present invention could be implemented as software,firmware or hardware, or as a combination thereof For any of theseimplementations, the functional steps performed by the method could bedescribed as a plurality of instructions performed by a data processor.In addition, for the software implementation, the functional stepsperformed by the method could be described as a plurality ofinstructions performed by a computer software product.

Hereinafter, “Applied Cryptography” by Bruce SCHNEIDER, John Wiley 2anded. 1996, is incorporated by reference as if fully set forth herein, forthe teachings regarding cryptography and techniques for implementationthereof.

This Application claims priority from U.S. Provisional Application No.60/298,958, filed on 18 Jun. 2001; United Kingdom Patent Application No.0019879.6, filed on Aug. 11, 2000; and United Kingdom Patent ApplicationNo. 0114235.5, filed on Jun. 11, 2001; all of which are herebyincorporated by reference as if fully set forth herein.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is herein described, by way of example only, withreference to the accompanying drawings, wherein:

FIG. 1 is a schematic block diagram of a background art system;

FIG. 2 shows a flow diagram illustrating the production of the scrambleddigital content according to the background art;

FIG. 3 is a schematic block diagram of an illustrative system accordingto the present invention;

FIG. 4 is a schematic block diagram of an illustrative embodiment of adistributed media transmission server according to the presentinvention; and

FIG. 5 is a flowchart of an exemplary method according to the presentinvention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention is of a system and a method for the creation andtransmission of “pre-encrypted” digital content, which is encryptedbefore being placed on a distributed media transmission server.Preferably a plurality of such servers are used, for example in order tobe able to place such a media transmission server in physical proximityto the end user client, whether in terms of geographical proximity orproximity through the network. As described in greater detail below, useof a plurality of transmission servers also optionally enables the mediacontent to be delivered more flexibly, according to the request of theend user through the end user client.

The key which is used to decrypt the encrypted data is preferably itselfgeneratable from information which is contained in a SECM (Server ECM,or Entitlement Control Message). The encrypted data may also optionallybe accessed through the use of a control word. Optionally the key andthe control word are the same entity, or alternatively the key couldoptionally be generatable from the control word. The control word inturn could optionally be generatable from control word generatinginformation, which is more preferably contained in the SECM.

The SECM itself is preferably not sent to the end user client. Instead,upon request by the end user client, or optionally before such a requestis sent, a PECM (Personalized ECM) is generated at least partially fromthe control word generating information contained in the SECM. The PECMtherefore preferably contains information which is sufficient for theend user client to access the encrypted content. Optionally and morepreferably, the control word generating information contained in thePECM is at least partially generated according to at least onecharacteristic of the end user client.

Alternatively, the key and/or the control word could optionally be sentdirectly to the end user client for decrypting the encrypted content,although this implementation is less preferred for security reasons.

More preferably, only the particular end user client for which the PECMhas been generated is then able to use the information contained in thePECM to access the encrypted data.

It should be noted that the key and/or control word for decrypting theencrypted content is not necessarily the same key and/or control wordwhich is used for encrypting the content, as both asymmetric andsymmetric encryption are suitable for the present invention.

According to a preferred embodiment of the present invention, theencrypted data is divided into segments, according to a predeterminedperiod of time for each segment or cryptoperiod, such that the SECM andhence the PECM are changed periodically. In order to accommodate“fast-forward” and “rewind” modes for viewing the content by the enduser client, in which the segments of data are not played sequentially,optionally and preferably the media transmission server dynamicallyedits the data. As such editing cannot be performed if the data isencrypted, more preferably at least portions of the data are notencrypted.

According to a preferred embodiment of the present invention, at leastone PECM containing control word generating information necessary todecrypt the first segment of the content to be displayed is sent to theend-user client in advance of said content. The other PECMs necessary todecrypt subsequent parts of the content are then preferably delivered inadvance of the corresponding segments of the content. Alternatively, allthe PECMs necessary to decrypt all of the content can be deliveredbefore the actual content.

More preferably, as each segment or crypt-period is about to start, amarker packet or other unit of data is included in the content datastream to indicate which control word/key is required to decrypt the newsegment of the content.

Systems for scrambling/encrypting digital content data are well known inthe art, for example in U.S. Pat. Nos. 5,282,249 and 5,481,609, both toCohen et al., which are hereby incorporated by reference as if fully setforth herein. The disclosed system enables a signal containing mediacontent, such as a television program for example, to be transmittedwidely, yet only to be played back or otherwise displayed by authorizedusers.

Scrambled television data streams described in the Cohen et al patentscomprise both scrambled data representing television signals and codedcontrol messages, also known as ECMs (Entitlement Control Messages). TheECMs of Cohen et al comprise, in a coded form, data necessary forgenerating a control word (CW) which may be used to descramble thescrambled data representing television signals.

Data necessary for generating a control word is known in the backgroundart to take many different forms and may include, in general, at leastany of the following: a control word; an encrypted control word packetwhich is intended to be decrypted before use; and a seed to a generatingfunction such as, for example, a one-way function which generates thecontrol word upon input of the seed. Throughout the presentspecification and claims the term “control word generating information”is used to designate data necessary for generating a control word and/orkey in any appropriate form, as described above.

The principles and operation of the present invention may be betterunderstood with reference to the drawings and the accompanyingdescription.

Referring now to the drawings, FIG. 3 is a schematic block diagram of anillustrative system according to the present invention. Although theoperation of the system is described with regard to television programcontent, it is understood that this is for the purposes of illustrationonly and is without any intention of being limiting in any way.

As shown, a system 300 according to the present invention features aclear media content feeder 310 for providing unencrypted, or “clear”digital media content. Such digital media content is optionally audioand/or video content, for example. For the purposes of explanation onlyand without wishing to be limiting, the digital content is assumed to atleast include video content.

The unencrypted or “clear” video content is passed to an encoder 320,which compresses the digital media content. Preferably, encoder 320 alsotranslates the content into a suitable transmission format, whichoptionally and more preferably is the MPEG-2 (Moving Pictures ExpertGroup 2) SPTS (Single Program Transport Stream) format (see for examplehttp://www.cselt.it/mpeg for a description). This format is particularlypreferred for transmission of a single television program or other mediacontent in a transport stream at any given time. The MPEG-2 standardalso defines compression methods for compressing the digital mediacontent. Alternatively, other formats may optionally be used which aresuitable for transport of a plurality of such programs in a singletransport stream, although for the sake of clarity, the operation of thepresent invention is described with regard to the MPEG-2 SPTS format.

The formatted digital content is then sent to a content preparationstation 330 according to the present invention. Content preparationstation 330 preferably handles at least the initial encryption steps.Content preparation station 330 preferably features a real-time captureunit 340, for capturing the correctly formatted content. Optionally,real-time capture unit 340 analyzes the content for determining metadatarelated to the content, such as the start and end points of thetelevision program, for example. Real-time capture unit 340 preferablyautomatically generates the metadata. A metadata generator 345preferably permits the manual generation and/or editing of the metadata.This metadata is then preferably sent to a metadata database 350.

The clear digital content is then sent to a scrambler 360, preferablywithin content preparation station 330, for being scrambled orencrypted. Scrambler 360 preferably follows the real-time MPEG-2multiplexer format for scrambling the digital content, although aspreviously described, more preferably the MPEG-2 SPTS format is used.Scrambler 360 also preferably generates an encryption key for at leastencrypting the scrambled or encrypted content, although alternativelysuch a key is generated by a separate key generating unit (not shown).It should be noted, as described above, that different keys and/orcontrol words may optionally be used for encrypting and decrypting thecontent. Any type of suitable encryption algorithm may optionally beused, including but not limited to, triple-DES, DES and the industrystandard DVB (Digital Video Broadcast consortium) scrambling algorithm.The encrypted content is then preferably stored in a media store 370.

At some point, a decryption key needs to be created for at leastdecrypting the scrambled or encrypted content, although alternativelysuch a key is generated by a separate key generating unit (not shown).More preferably, this key and/or control word for at least decryptingthe encrypted content is not directly generated by scrambler 360, or atleast such direct generation is not necessary. Instead, scrambler 360more preferably generates one or more ECMs (Entitlement ControlMessages), which contain the information which is necessary to generatethe control word (control word generating information) and/or thecontrol word itself. Preferably, control word generating information isgenerated and placed into the ECM. The generation and transmission ofsuch ECMs is previously described with regard to background art FIGS. 1and 2.

Preferably, each ECM is encrypted and/or digitally signed to prevent anunauthorized user from tampering with the control word and/or controlword generating information. Also preferably, the key/control word fordecrypting and/or encrypting the digital content is produced from thecontrol word generating information in the ECM through some type ofone-way function. Examples of suitable one-way functions are well knownin the art (see for example the previously incorporated “AppliedCryptography” by Bruce SCHNEIDER, John Wiley 2and ed. 1996).

More preferably, two different types of ECMs are used: PECMs (personalECMs) and SECMs (server ECMs). SECMs are preferably used by contentpreparation station 330 to contain the general control word generatinginformation. As described in greater detail below, more preferably, theSECMs are not sent to the end-user client (shown as end-user client390). Instead, PECMs, which are most preferably personalized for eachend-user client, are generated from the control word generatinginformation contained in the SECM and are sent to end-user client 390for accessing the encrypted data. Thus, the data does not need to beseparately encrypted for each end-user client, yet access is stillcontrolled such that only the particular end-user client 390 for whichthe PECM has been generated is preferably able to access the encrypteddata.

SECMs optionally and preferably include business rules which areassociated with the scrambled content. Examples of such business rulesinclude, but are not limited to, parental rating, embargo dates,regional blackouts and so forth.

The SECMs are preferably stored in a separate file, rather than beingstored with the encrypted digital content itself. Such storage of theSECMs in a separate file is preferred in order to enable the digitalcontent to be displayed “out of order”, rather than in a simple linearsequence. For example, the user might optionally prefer to “fastforward” the displayed content to a later segment without displaying theintervening segments. As described in greater detail below, storing theSECMs in a separate file enables such content to be displayed in aflexible order.

The separate file also preferably includes information about the startand end of each “crypt-period”, or portion of the encrypted contentwhich may be accessed through a particular control word. Thecrypt-periods may optionally vary in size, but more preferably aresufficiently long that the next control word generating information canbe received, and the decryption key generated, by end-user client 390before the next crypt-period begins.

Once the digital media content has been encrypted, preferably theencrypted content, the metadata and the SECMs are loaded onto contentpreparation station 330 for being sent to a transmission server 380.Transmission server 380 is preferably one of a plurality of such servers(not shown), which transmit the encrypted digital media content to anend-user client 390. Transmission server 380 is optionally connected toend-user client 390 through a network 395 as shown, althoughalternatively, transmission server 380 is implemented with end-userclient 390 at a single physical location. For the purposes ofdescription only and without any intention of being limiting,transmission server 380 is assumed to be connected to end-user client390 through network 395.

A plurality of transmission servers 380 is preferred in order forend-user client 390 to receive encrypted data from a selectedtransmission server 380 which is more preferably able to deliver thehighest quality of service. For example, such a transmission server 380may optionally be in closest physical proximity to end-user client 390.However, it should be noted that optionally, a transmission server 380is located within end-user client 390, although as previously discussed,for the purpose of the present description, transmission server 380 isassumed to be connected to end-user client 390 through network 395, andtherefore is assumed to be located at a physical distance from end-userclient 390.

A preferred implementation for transmission server 380 is shown withregard to FIG. 4. Transmission server 380 is preferably connected to anencryption head-end 400, which receives a client identifier for end-userclient 390 and a SECM (or at least the control word generatinginformation contained in the SECM), and preferably uses this informationto generate a PECM by a PECM generator 410. PECM generator 410 generatesthe PECM such that end-user client 390 is able to decrypt the encrypteddata from at least control word generating information contained in thatPECM. As noted, alternatively the control word itself is contained inthe PECM. More preferably, only the particular end-user client 390 forwhich the PECM has been generated is able to use at least the controlword generating information contained in the PECM in order to access theencrypted data, since the PECM, or at least the control word generatinginformation, is generated at least partially according to onecharacteristic of end-user client 390. Therefore, preferably the controlword generating information which is transmitted, in the form of thePECM, is personalized to prevent access by unauthorized users.

At least the control word generating information is preferably extractedfrom the SECM by a SECM extractor 420. This information is required togenerate the PECM, or at least the control word generating informationtherein, by PECM generator 410. More preferably, the control wordgenerating information is modified by PECM generator 410 in order togenerate the PECM. Alternatively, SECM extractor 420 may optionally usethe control word generating information to create a control word, whichwould then be used to produce translated control word generatinginformation.

In any case, SECM extractor 420 may also optionally decrypt the SECM aspart of the extraction process, if the SECM is received by SECMextractor 420 as encrypted data.

Optionally and more preferably, encryption head-end 400 is connected totransmission server 380 through a CA (conditional access) bridge 430.

PECM generator 410 preferably generates one or more PECMs, and morepreferably generates one PECM for each SECM which is received. Each PECMcontains control word generating information, translated from the SECM,which enables end-user client 390 to derive or generate the control wordfor allowing access to the encrypted content. Each PECM also mostpreferably contains at least a portion of the business rules from theSECM, but is encrypted such that preferably only the requesting end-userclient 390 is able to decrypt the PECM. The algorithms for retrievingand/or generating the control word from each of SECM and PECM arepreferably not identical. Each end user client 390 preferably has aseparate algorithm and/or information which is required for generatingthe control word from the appropriate PECM.

Encryption of the PECM preferably incorporates either the clientidentifier, or information which is available to encryption head-end400, for example through a look-up table, which is retrieved accordingto the client identifier. Encryption head-end 400 then returns each PECMto transmission server 380, preferably through CA bridge 430.

Transmission server 380 preferably features a CA (conditional access)interface 440 for retrieving SECMs from the (preferably separate) filein a media store 450. Media store 450 also preferably stores theencrypted content which is received from the content preparation station(not shown; see FIG. 3). CA interface 440 preferably receivesinstructions for determining which content to retrieve from a controlprocess 460, which preferably receives and processes the request forcontent from end-user client 390. Control process 460 optionally andmore preferably authenticates end-user client 390, for example by usingan MD5 digest. In addition, control process 460 more preferablydecomposes the request for content into the request for a sequence ofsegments from one or more physical files, most preferably according tometa-data information which is stored in a meta-data database 470.

Once the PECM has been generated, and optionally inserted into thetransport stream or otherwise delivered to end-user client 390, theactual encrypted digital content is preferably streamed to end-userclient 390 by a video pump 480. Video pump 480 is therefore optionallyimplemented according to any suitable delivery mechanism. Alsooptionally, video pump 480 inserts the PECM(s) into the transport streamas required.

Transmission server 380 and encryption head-end 400 may optionally betermed a transmission device 485, whether physically located together orseparated.

A preferred operation of the present invention with regard to FIG. 4 ispreferably performed as follows, as also described with regard to theflowchart of FIG. 5. In stage 1, transmission server 380 preferablyreceives the client identifier from end-user client 390 when the userwishes to receive encrypted content. In stage 2, transmission server 380then preferably authenticates the identity of end-user client 390 andalso determines whether end-user client 390 (and hence the user) isentitled to receive the requested content.

If end-user client 390 is entitled to receive the content, then in stage3, transmission server 380 retrieves the one or more SECMs which areassociated with the content, and sends them with the identifier forend-user client 390 to encryption head-end 400. The SECMs may optionallybe sent to encryption head-end 400 as a batch process at the start ofthe content transmission process, or alternatively may be sentindividually to encryption head-end 400 as required. Encryption head-end400 then generates one or more PECMs as previously described, in stage4.

Transmission server 380 preferably inserts the PECMs into the transportstream of the digital media content as it is being streamed to end-userclient 390 in stage 5, or otherwise delivers the PECMs to end-userclient 390. The timing of the transmission is preferably determined suchthat end-user client 390 has sufficient time to receive and decrypt thePECM before the control word derived from the control word generatinginformation in the PECM is required for decrypting the transmittedencrypted digital media content. Transmission server 380 transmits therequested digital content to end-user client 390.

According to preferred embodiments of the present invention, the timingof delivery of the PECM(s) to end-user client 390 is at least partiallydetermined by the mode of operation of end-user client 390, such thattransmission server 380 preferably receives information about this modeof operation from end-user client 390. Each PECM is preferably deliveredto end-user client 390 a defined period of time before display of therelevant encrypted portion of the transport stream is performed. Forexample, such a defined period of time is optionally 0.5 seconds beforethe time of display.

Preferably, end-user client 390 features an additional operational mode,in which the user is able to “fast-forward” or skip at least a portionof the digital content, such that the digital content is not displayedaccording to a strictly linear sequence. This operational mode alsorequires the appropriate content to be transmitted by transmissionserver 380, such that at least a portion of the transport stream isskipped. However, such a mode of transmission is complicated both by thenecessity to deliver the PECM(s) at the appropriate time and also by therequirements of transmitting streaming video data which has beencompressed according to MPEG-2, according to the preferred embodiment ofthe present invention.

The MPEG-2 standard defines a mode of compression which partially reliesupon redundancy within and between frames of the video data to reduce orremove unnecessary visual data. The removed data is chosen in order tominimize any degradation of the visual quality by exploiting propertiesof the human visual system. In particular, spatial encoding and temporalencoding are used to reduce unnecessary data. Spatial encoding reducesor removes spatial redundancy between different portions of the samepicture or frame of the video data, by encoding a reduced number ofpixels which are similar or identical, and then using this reducednumber to fill the relevant areas of the picture.

Temporal encoding reduces or removes temporal redundancy betweendifferent pictures or frames of the video data, by using motionestimation and inter-frame prediction. For example, inter-frameprediction starts with one complete frame, or I-frame, as a basis fromwhich other frames are then constructed from reduced transmitted data.Predicted frames, or P-frames, are predicted from either a previousI-frame or a previous P-frame. B-frames are another type of predictedframes, but are predicted bi-directionally from previous and/orsubsequent P-frames or I-frames. In order to avoid or reduce propagationof error and/or the effect of dropped or missed frames, the frames aredivided into Groups of Pictures (GOPs), which begin and end with acomplete I-frame.

During the “fast-forwarding” procedure, the visual data, or frames, aredelivered out of the strictly linear sequence, which clearly could beproblematic for this type of encoding and compression. The presentinvention overcomes any potential problems by preferably sending only aportion of the visual data during the “fast-forwarding” procedure. Morepreferably, only the I-frames are sent, which provides sufficient visualquality without the difficulty of sufficiently rapid decoding of thevisual data.

Transmission server 380 more preferably edits the transmitted stream ofdata in order for the essential portions to be transmitted and timelydisplayed during the “fast-forwarding” procedure. In order for suchediting to occur sufficiently rapidly, according to a preferredembodiment of the present invention, at least a portion of the data isnot encrypted. This portion more preferably includes the transportpackets containing the start or end of any video PES packet and/orI-frame packet, for editing to be sufficiently rapid.

In order for end-user client 390 to be able to decrypt the portions ofthe visual data sufficiently rapidly, end-user client 390 needs toreceive the PECM a sufficient period of time before the correspondingvisual data is to be displayed. Transmission server 380 preferablycalculates the position within the transport stream according to therelevant time of display by end-user client 390, and then sends eachPECM a sufficient period of time before this display is required. Thisperiod of time preferably also includes time for generating the controlword from the PECM and also decrypting the encrypted digital mediacontent. Alternatively, as previously described, all required PECM(s)could optionally be sent at once, before the encrypted content istransmitted or at the start of transmission.

It should be noted that a similar procedure could also optionally befollowed for “rewinding” or showing a previous portion of content, againout of sequence. In this case, selected parts of the visual stream arestreamed to end-user client 390 but in reverse order. Again, the PECM(s)need to be transmitted a sufficient period of time before the contentneeds to be displayed.

Generally, the display of the content in a non-linear order according tothe present invention relies upon some marker or feature within thecontent, for determining which alterations to the content are necessaryfor display out of sequence. For example, with regard to MPEG-2,preferably only the I-frames are transmitted, such that the content isedited for transmission of this type of data only. Other types ofmarkers or features may also optionally be used. In this respect, thepresent invention may be distinguished from background art referencessuch as PCT Application No. WO 01/35669, which rely upon heuristics fordetermining which content is to be displayed out of the sequentialorder.

These two implementations for displaying content out of a strictlylinear sequence or order also preferably feature the separate storage ofa SECM in a separate file, rather than storing this content with thefile. As previously described, separate storage of the SECM enables thecontent to be more easily adjusted for display out of the strictlylinear sequence or order.

According to a preferred but optional implementation of the presentinvention, end-user client 390 optionally and more preferably features arenewable, removable security module 490, such as a smartcard forexample, for decrypting or otherwise unscrambling content which the userhas requested, as previously described for background art FIGS. 1 and 2.Security module 490 is itself preferably secured, such that informationcontained within this module is protected from unauthorized access.Security module 490 receives and/or generates the necessary controlword, and is then able to unscramble the received content for play backor other display. Most preferably, the operation of security module 490is transparent or substantially transparent to the end user.

While the invention has been described with respect to a limited numberof embodiments, it will be appreciated that many variations,modifications and other applications of the invention may be made.

1. A method for communicating digital media content in a video on demandenvironment, the method comprising: storing at at least one locationremote from a subscriber and accessible to a headend a multiplicity ofencrypted video on demand programs and a multiplicity ofnon-personalized control word generating information for generatingnon-personalized control words for decryption of said multiplicity ofencrypted video on demand programs; responsive to receipt of a video ondemand request from a subscriber for a subscriber-selected one of saidmultiplicity of encrypted video on demand programs, personalizing forthe use of said subscriber non-personalized control word generatinginformation for generating non-personalized control words to providepersonalized control word generating information for generatingpersonalized control words for decryption only by said subscriber ofsaid subscriber-selected one of said multiplicity of encrypted video ondemand programs; and thereafter and responsive to said video on demandrequest, transmitting to a set top box of said subscriber saidsubscriber-selected one of said multiplicity of encrypted video ondemand programs and said personalized control word generatinginformation for generating personalized control words for decryptiononly by said subscriber of said subscriber-selected one of saidmultiplicity of encrypted video on demand programs.
 2. A method forcommunicating digital media content, the method comprising: storing atat least one location remote from a subscriber and accessible to aheadend a multiplicity of encrypted media content items and amultiplicity of non-personalized control word generating information forgenerating non-personalized control words for decryption of saidmultiplicity of encrypted media content items; responsive to receipt ofa media request from a subscriber for a subscriber-selected one of saidmultiplicity of encrypted media content items, personalizing for the useof said subscriber non-personalized control word generating informationfor generating non-personalized control words to provide personalizedcontrol word generating information for generating personalized controlwords for decryption only by said subscriber of said subscriber-selectedone of said multiplicity of encrypted media content items; andthereafter and responsive to said media request, transmitting to aclient device of said subscriber said subscriber-selected one of saidmultiplicity of encrypted media content items and said personalizedcontrol word generating information for generating personalized controlwords for decryption only by said subscriber of said subscriber-selectedone of said multiplicity of encrypted media content items.
 3. The methodaccording to claim 2 further comprising: responsive to said mediarequest, selecting a selected location from said at least one locationfor transmitting to a client device of said subscriber saidsubscriber-selected one of said multiplicity of encrypted media contentitems and said personalized control word generating information forgenerating personalized control words for decryption only by saidsubscriber of said subscriber-selected one of said multiplicity ofencrypted media content items, wherein said selected location isselected according to at least one characteristic of said selectedlocation.
 4. The method according to claim 3 and wherein at least saidpersonalized control word generating information is transmittedseparately from said subscriber selected one of said multiplicity ofencrypted media content items by said selected location.
 5. The methodaccording to claim 3 and wherein said personalized control wordgenerating information is at least partially personalized according toat least one characteristic of said subscriber.
 6. The method accordingto claim 5 and wherein said personalized control word generatinginformation is transmitted to said subscriber, such that said subscribergenerates said personalized control words.
 7. The method according toclaim 3 and wherein at least said personalized control word generatinginformation is transmitted with said subscriber selected one of saidmultiplicity of encrypted media content items by said selected location.8. The method according to claim 3 and wherein said subscriber selectedone of said multiplicity of encrypted media content items is dividedinto a plurality of segments, each segment being encrypted with adifferent key.
 9. The method according to claim 8 and wherein saidplurality of segments form a linear sequence, and wherein at least oneof said segments is displayed out of said linear sequence, such that atleast personalized control word generating information for decryptiononly by said subscriber of at least one of said segments being displayedout of said linear sequence is transmitted by said selected locationsuch that said at least one segment is decrypted in time for display.10. The method according to claim 9 and wherein at least a portion ofsaid at least one of said segments is edited by said selected location.11. The method according to claim 10 and wherein said portion isselected according to at least one marker in said segment.
 12. Themethod according to claim 11 and wherein said at least one marker is anI-frame for digital media content formatted according to MPEG-2.
 13. Themethod according to claim 10 and wherein said portion is unencrypted atsaid selected location before being edited.
 14. The method according toclaim 3 and wherein said selected location further comprises anencryption head-end, and said encryption head-end personalizes at leastsaid non-personalized control word generating information to formpersonalized control word generating information.
 15. The methodaccording to claim 14 and wherein said selected location furthercomprises a transmission server, and said transmission server transmitssaid subscriber-selected one of said multiplicity of encrypted mediacontent items.
 16. The method according to claim 15 and wherein saidtransmission server further transmits said personalized control wordgenerating information.
 17. The method according to claim 16 and whereinsaid subscriber-selected one of said multiplicity of encrypted mediacontent items is transmitted in a transmission stream, and saidpersonalized control word generating information is inserted into saidtransmission stream.
 18. The method according to claim 16 and whereinsaid personalized control word generating information is transmittedseparately from said subscriber-selected one of said multiplicity ofencrypted media content items.
 19. The method according to claim 2 andwherein said subscriber selects a selected location from said at leastone locations for sending said media request.
 20. The method accordingto claim 3 and wherein said selected location is selected according toquality of service deliverable to said subscriber.
 21. Apparatus forcommunicating digital media content, the apparatus being at a locationremote from a subscriber and accessible to a headend, the apparatuscomprising: a store for storing a multiplicity of encrypted mediacontent items and a multiplicity of non-personalized control wordgenerating information for generating non-personalized control words fordecryption of said multiplicity of encrypted media content items; anencryption headend, responsive to receipt of a media request from asubscriber for a subscriber-selected on6 of said multiplicity ofencrypted media content items, for personalizing for the use of saidsubscriber non-personalized control word generating information forgenerating non-personalized control words to provide personalizedcontrol word generating information for generating personalized controlwords for decryption only by said subscriber of said subscriber-selectedone of said multiplicity of encrypted media content items; and atransmission server, responsive to said media request, for transmittingto a client device of said subscriber said subscriber-selected one ofsaid multiplicity of encrypted media content items and said personalizedcontrol word generating information for generating personalized controlwords for decryption only by said subscriber of said subscriber-selectedone of said multiplicity of encrypted media content items.
 22. Apparatusaccording to claim 21 and wherein said personalized control wordgenerating information is personalized at least partially according to acharacteristic of said subscriber.
 23. Apparatus according to claim 21and wherein said transmission server further comprises a video pump fortransmitting said subscriber-selected one of said multiplicity ofencrypted media content items and said personalized control wordgenerating information for generating personalized control words fordecryption only by said subscriber of said subscriber-selected one ofsaid multiplicity of encrypted media content items simultaneously tosaid subscriber.
 24. Apparatus according to claim 21 and wherein saidtransmission server further comprises a video pump for transmitting saidsubscriber-selected one of said multiplicity of encrypted media contentitems and said personalized control word generating information forgenerating personalized control words for decryption only by saidsubscriber of said subscriber-selected one of said multiplicity ofencrypted media content items separately to said subscriber. 25.Apparatus according to claim 21 and wherein said encryption headendfurther comprises a decryptor for receiving encrypted decryptioninformation and for decrypting said encrypted decryption information.26. Apparatus for communicating digital media content, the apparatusbeing at a location remote from a subscriber and accessible to aheadend, the apparatus comprising: means for storing a multiplicity ofencrypted media content items and a multiplicity of non-personalizedcontrol word generating information for generating non-personalizedcontrol words for decryption of said multiplicity of encrypted mediacontent items; personalization means, responsive to receipt of a mediarequest from a subscriber for a subscriber-selected one of saidmultiplicity of encrypted media content items, for personalizing for theuse of said subscriber non-personalized control word generatinginformation for generating non-personalized control words to providepersonalized control word generating information for generatingpersonalized control words for decryption only by said subscriber ofsaid subscriber-selected one of said multiplicity of encrypted mediacontent items; and transmission means, responsive to said media request,for transmitting to a client device of said subscriber saidsubscriber-selected one of said multiplicity of encrypted media contentitems and said personalized control word generating information forgenerating personalized control words for decryption only by saidsubscriber of said subscriber-selected one of said multiplicity ofencrypted media content items.